Python: Weak hashing algorithm
Classification
Overview
The hash function used is not secure. Its use may result in loss of data privacy.
Confidential data leak vulnerabilities rank third in the OWASP Top 10 2017 web application vulnerabilities.
The hash functions MD2, MD5 and SHA1 have known vulnerabilities. Finding collisions for MD2 and MD5 does not require significant resources, and collisions have also been found for SHA1. If these functions are used to store valuable information (such as passwords), its confidentiality may be compromised.
A hash function used to store passwords should, in addition to being collision resistant, not be too fast: a slow function makes an exhaustive-search attack more expensive. Specialized hash functions have been developed for this purpose: PBKDF2, bcrypt, scrypt.
Suppose user passwords are stored on the server hashed with an insecure hash function (such as MD5). Possible attack scenario:
- An attacker gains access to the database of password hashes.
- An attacker, using a hashing algorithm vulnerability, calculates a string for which the hashing algorithm gives the same value as for the user’s password.
- The attacker authenticates using the computed string.
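The following is an added example, not code from the original page: it stores passwords with salted PBKDF2 from `hashlib` and upgrades legacy unsalted MD5 records when the user next logs in. The function names, the `scheme$iterations$salt$key` record format and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware
SCHEME = "pbkdf2_sha256"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'scheme$iterations$salt_hex$key_hex' using a fresh random salt."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str):
    """Return (ok, replacement).

    replacement is a new record to store when the old one was legacy MD5
    or used fewer iterations than ITERATIONS; otherwise it is None.
    """
    if "$" not in stored:
        # Legacy record: bare unsalted MD5 hex digest (the weak pattern).
        legacy = hashlib.md5(password.encode()).hexdigest()
        ok = hmac.compare_digest(legacy.encode(), stored.lower().encode())
        return ok, (hash_password(password) if ok else None)
    try:
        scheme, iters, salt_hex, key_hex = stored.split("$")
        iters = int(iters)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
    except ValueError:
        return False, None  # malformed record: fail closed
    if scheme != SCHEME or iters < 1:
        return False, None
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    ok = hmac.compare_digest(key, expected)  # constant-time comparison
    stale = ok and iters < ITERATIONS
    return ok, (hash_password(password) if stale else None)
```

When `verify_password` returns a replacement record, the caller writes it over the old one, so weak hashes disappear from the database as users authenticate.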
References
- OWASP Top 10 2013-A6-Sensitive Data Exposure
- OWASP Top 10 2010-A7-Insecure Cryptographic Storage
- CWE-326: Inadequate Encryption Strength
- NIST Approved Algorithms
- How to securely hash passwords – Thomas Pornin / stackoverflow.com
- MD5 considered harmful today. Creating a rogue CA certificate – Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger / win.tue.nl
- hashlib - Secure hashes and message digests
- OWASP Top 10 2017-A3-Sensitive Data Exposure
- PyCrypto - The Python Cryptography Toolkit
- Cryptography library
- PassLib library
- CWE-328
- CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
- Bleichenbacher’s attack
